Auditor or Audit Evaluator - Vulnerability Assessment Team


Vacancy ID: 832403   Announcement Number: 2013-22-832403-KC/DO   USAJOBS Control Number: 337508200

Social Security Number


Vacancy Identification Number

The Vacancy Identification Number (VIN) is 832403.
1. Title of Job

Entry Level Auditor or Audit Evaluator - Information Systems
2. Biographic Data

3. E-Mail Address


4. Work Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

5. Employment Availability

6. Citizenship

Are you a citizen of the United States?
7. Background Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

8. Other Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

9. Languages

If you are applying by the OPM Form 1203-FX, leave this section blank.

10. Lowest Grade


00

11. Miscellaneous Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

12. Special Knowledge

If you are applying by the OPM Form 1203-FX, leave this section blank.

13. Test Location

If you are applying by the OPM Form 1203-FX, leave this section blank.

14. Veteran Preference Claim

15. Dates of Active Duty - Military Service

16. Availability Date

If you are applying by the OPM Form 1203-FX, leave this section blank.

17. Service Computation Date

If you are applying by the OPM Form 1203-FX, leave this section blank.

18. Other Date Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

19. Job Preference

If you are applying by the OPM Form 1203-FX, leave this section blank.

20. Occupational Specialties


001 Audit Evaluator
002 Auditor

21. Geographic Availability


373750183 Raleigh, NC

22. Transition Assistance Plan

If you are applying by the OPM Form 1203-FX, leave this section blank.

23. Job Related Experience



24. Personal Background Information

If you are applying by the OPM Form 1203-FX, leave this section blank.

25. Occupational/Assessment Questions:

From the descriptions below, select the one statement that best describes how you meet the minimum qualifications for this position.

1. Are you a citizen of the United States of America?

A. Yes (You will be required to submit proof of citizenship if considered for this position, i.e. Birth Certificate or U.S. Passport.)
B. No

2. Do you possess a Bachelor's degree from an accredited college or university in accounting, or information systems management, or in a related field that includes at least 24 semester hours in accounting or information systems management? (SUBMIT TRANSCRIPTS)

A. Yes
B. No

3. Do you have at least four (4) years of professional auditing experience to include specialized experience in analyzing, reviewing, and assessing information technology procedures and controls in topics such as: vulnerability assessments, general controls, computer security techniques, application control reviews, system development life cycle, operating system software, multi-platform hardware such as client-server or mainframes, network operations and testing, data integrity, disaster recovery, information systems acquisitions, etc.? NOTE: Two years of US Postal Service experience with information systems management may be substituted for two years of auditing experience.

A. Yes
B. No

USPS OIG officials may not appoint any of their relatives or recommend them for appointment in the OIG. Any relative who is appointed in violation of this restriction cannot be paid. Thus it is necessary to have information about your relatives who are working for the USPS OIG. These include: mother, father, daughter, son, sister, brother, aunt, uncle, first cousin, niece, nephew, wife, husband, mother-in-law, father-in-law, daughter-in-law, son-in-law, sister-in-law, brother-in-law, stepfather, stepmother, stepdaughter, stepson, stepsister, stepbrother, half-sister, and half-brother.

4. Does the USPS Office of Inspector General employ any relative of yours by blood or marriage?

A. Yes
B. No

If you answer "Yes" to this question, provide the following information in the section provided for such relatives:

(1) Full name; (2) Present address and ZIP Code; (3) Relationship; (4) Position title; (5) Name and location of USPS OIG installation where employed.

From the descriptions below, select the one statement that best describes how you meet the desirable qualifications of certification and experience for this position. (YOUR RESUME MUST REFLECT WHERE, WHEN, AND HOW YOU GAINED THIS EXPERIENCE.)

5. Do you have an advanced degree in accounting or information systems management, or in a related field that includes at least 24 semester hours in accounting or information systems management, i.e. Masters, etc.?

A. Yes
B. No

6. Do you have multi-disciplined experience in the auditing profession and information systems management industry?

A. Yes
B. No

7. Do you have proficiency in management and use of manual and automated vulnerability assessment processes and tools?

A. Yes
B. No

8. Do you have a Professional Certification, such as CPA, CIA, CRISC, CISA, CISSP, CISM, Lean Six Sigma, etc.? (SUBMIT COPY)

A. Yes
B. No

9. Do you have extensive experience in planning, directing, and executing complex, multi-site (nationwide) performance/efficiency audits?

A. Yes
B. No


KNOWLEDGE OF THE THEORIES, CONCEPTS, PRINCIPLES, AND PRACTICES OF INFORMATION SYSTEMS AUDIT EVALUATION SUFFICIENT TO CONDUCT DIFFICULT ASSIGNMENTS INVOLVING INTERFACES AND INTER-RELATIONSHIPS BETWEEN AND AMONG PROGRAMS, FUNCTIONS, POLICES AND VARIOUS ISSUES

Your resume MUST reflect that you have experience, knowledge, and/or skills in each of the following Evaluation Factors.

For each task in the following groups, choose the statement from the list A through E following each task that best describes your experience and/or training. Your resume must support your answers or your overall rating may be negatively impacted. Please select only one letter for each item.

A- I have not had education, training, or experience in performing this task.
B- I have had education or training in how to perform this task, but have not yet performed it on the job.
C- I have performed this task on the job. My work on this task was monitored closely by a supervisor or senior employee to ensure compliance with proper procedures.
D- I have performed this task as a regular part of a job. I have performed it independently and normally without review by a supervisor or senior employee.
E- I am considered an expert in performing this task; or I have supervised performance of this task or I am normally an individual who is consulted by other workers to assist them in doing this task.

10. Develop audit work that will add value to the agency to focus on areas that warrant audit attention

11. Proved recommendations to improve the ability to identify and track computing assets to address identified issues

12. Audit information systems to ensure integrity and effectiveness of security measures

13. Prepare risk analysis by testing policies, procedures, laws, regulations and internal controls, as well as internal interviews of system users

14. Report audit results, suggesting measures to improve security

15. Inspect and evaluate the organization's financial and information systems, management procedures and security controls to identify waste and fraud

16. Assess the effectiveness of computer systems, programs, and their information security components, to provide recommendations on improvements to make them more effective

SKILL IN ANALYZING, REVIEWING, AND ASSESSING INFORMATION TECHNOLOGY PROCEDURES AND CONTROLS IN TOPICS SUCH AS:TELECOMMUNICATIONS AND NETWORK SECURITY,GENERAL CONTROLS, COMPUTER SECURITY TECHNIQUES, APPLICATION CONTROL, SYSTEM DEVELOPMENT LIFE CYCLE, OPERATING SYSTEM SOFTWARE, MULTI-PLATFORM HARDWARE SUCH AS CLIENT-SERVER OR MAINFRAMES,NETWORK OPERATIONS AND TESTING,, DISASTER RECOVERY, ETC.

17. Assess overall security risks associated with identified vulnerabilities

18. Analyze raw data files and computer generated data using manual and automated techniques

19. Identify opportunities to improve ability to identify and track computing assets

20. Review company operation processes, evaluating the efficiency, effectiveness and compliance with corporate security policies and related government regulation

21. Issue recommendations on best practices to improve the security levels of the system

ABILITY TO EVALUATE COMPUTER SECURITY ASSOCIATED WITH VAROUS INFORMATION TECHNOLOGY ENVIRONMENTS, OPERATING SYSTEMS, HARDWARE, SOFTWARE COMPONENTS, SYSTEMS AND SUBSYSTEMS

22. Determine whether a computer system is safe enough to protect a company's assets and data integrity while allowing for the organizational goals to be attained through efficient use of IT resources

23. Assess and review current technology infrastructure to identify key risks areas, and ensure adequate level of control are in place to address those risks.

24. Address identified issues with Patch Management and software products that are not adequately maintained

25. Proficient in the management and use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems to ensure the infrastructure supporting those systems are secure

26. Evaluate and recommend technological and architectural upgrades/modifications to the agency's Information Systems Security architecture

ABILITY TO COMMUNICATE EFFECTIVELY BOTH ORALLY AND IN WRITING

27. Conduct entrance interviews with auditees to explain the purpose of audit

28. Work in cooperation with others groups of an organization to ensure the security of all IT systems

29. Establish contacts to acquire or exchange information or facts needed to complete an assignment

30. Write information in a clear, concise, and well-organized manner

31. Present information to supervisor and peers explaining audit conclusions

Select the response below that best states your certification of the accuracy of responses and information provided.

32. Your responses to this questionnaire are subject to evaluation, and later steps in the selection process are specifically designed to verify the accuracy of your responses. Deliberate attempts to falsify information may be grounds for disqualifying you or for dismissing you from employment following acceptance. Please take this opportunity to review your responses to ensure they accurately represent your current level of experience and capability, and select the response below that best applies. Failure to certify accuracy below will disqualify you from further consideration for this position.

A. I verify that, to the best of my knowledge and belief, all of the information included in this questionnaire is true, correct and provided in good faith. I accept that if my supporting documentation, or later steps in the selection process do not support one or more of my responses to this questionnaire, my rating may be lowered or I may be removed from further consideration.
B. I choose not to certify the accuracy of my responses and application materials, and I no longer wish to be considered for this position.